package com.sc.form_authentation.filter;

import com.sc.form_authentation.exception.VerificationCodeException;
import com.sc.form_authentation.util.MyAuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.security.sasl.AuthenticationException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class VerificationCodeFilter extends OncePerRequestFilter {

    private AuthenticationFailureHandler authenticationFailureHandler=new MyAuthenticationFailureHandler();
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        //非登录请求不校验验证码
        if (!"/auth/form".equals(request.getRequestURI())){
            filterChain.doFilter(request,response);
        }else{
            try {
                verificationCode(request);
                filterChain.doFilter(request,response);
            } catch (VerificationCodeException e) {
                authenticationFailureHandler.onAuthenticationFailure(request,response,e);
            }
        }
    }

    private void verificationCode(HttpServletRequest request) throws VerificationCodeException {
        String requestCode = request.getParameter("captcha");
        String sessionCode = (String) request.getSession().getAttribute("captcha");
        if (!StringUtils.isEmpty(sessionCode)){
            //随手清除验证码,无论失败，还是成功，客户端应在登录失败时刷新验证码
            request.getSession().removeAttribute("captcha");
        }
        //校验不通过,抛出异常
        if (StringUtils.isEmpty(requestCode)||StringUtils.isEmpty(sessionCode)||!requestCode.equals(sessionCode)){
            throw  new VerificationCodeException();
        }
    }
}
